Best answer by RetiredTripleHelixView original
Best answer by RetiredTripleHelixView original
Already have an account? Login
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
Understand where you are coming from here but let me try to reply to each point specifically before you completely give up on WSA. ;)
Normal plain old install. Completely removed avast using the avast uninstaller. Cleaned up any left overs and rebooted.
Baldrick - Perfect approach
Installed WSA and downloaded the eiar test file usign Chrome. No detection. No alarm.
Baldrick - I have done the same and it does not warn or alarm given the way that I advised that WSA works...until the malware goes active it will not be intercepted/reported...but in the case of eicar...WSA knows what it is and so ignores it...as do some other AVs I know.
Downloaded using IE 11. No detection. No alarm. Nothing in logs.
Baldrick - as per above.
Did a scan and it was detected.
Baldrick - in this case because you are scannng it will report, etc. That is how WSA works.
Does WSA have website ratings when you Google stuff like WOT?
Baldrick - Yes, it does; and in fact Webroot is just rolling out a new version to the user base via silent updates, so it is possible that you would not yet have had it with what you installed. I have received it and it provides the rating of search results in IE, Chrome & Firefox, etc.
How come there is no Chrome plugin to be found?
Baldrick - As stated above there is cover for Chrome in the new Threat Shield that is being rolled out (slowly), but you are still well protected by WSA even if yo have not yet got it.
Unisntalled WSA and tried again. Samething. Downloaded some malware samples and "none" where detected.
Baldrick - Not surprised given what I have advised in terms of what you said about your first install/testing.
All verifed using Virustotal. Scanned with MBAM and all 4 samples were detected.
Baldrick - At the risk of being boring the reason for this is what I have already advised, i.e., that the WSA protection philospohy/the way it works is different to what I would euphamistically called 'traditional' solutions. ANd I have to admit that it does take some time to get used to/trust...but that is because we have been brought up on the 'traditional', etc.
I was done with WSA.
Baldrick - Far from me trying to convince you I will try to find some links to articles to support what I am saying so that hopefully you can make an informed choice.
Mounted my stored image with avast. Sorry but I have tried every av out there and never have I ran accross something like this. Heck even Comodo detects more. Thanks anyways.
Baldrick - One last thing...it is not about just detection (but I am sure that you know this) but also about prevention/interception & correcting...all of which WSA IMHO does very, very well.
Anyway, I hope you will consider what my responses and take a fresh look at WSA. :D
Please feel free to post back if yo do so decide and have more questions.
As had already been mentioned we operate so completely differently to other AV`s. We see infections all the time before other AV vendors do.
Dormant files even if malicious but only sitting on your HD are harmless. However once executed WSA will catch them and handle them accordingly (block, delete, put to quarantine etc.).
As for the shield, the new web shield (based on BrightCloud technology) is being rolled out progressively and possibly you have not received it yet. Nevertheless you have "the old shield" that does its work still perfectly. On top of that there are other WSA modules/shields which are protecting you in the same time. So there is no reason to be somehow worried.
Last but not least, WSA is so good that you can use it alone what many users, including me, do. ;)
Welcome to the Community Forums :D
Sorry to hear that you have had a bad experience with WSA. To try to get to the bottom of what you have seen (which I must say is most untypical in my experience) can you advise as to the precise actions that you undertook to get the result that you did.
Was the infection actual or are you just saying that WSA did not detect the malware at download? Reason I ask is because WSA looks for active threats and a piece of malware that is on the disk but effectively dormant will not be detected (as it is not doing any harm). However, should it try to activate/run then WSA will detect and jump into block if it identifies it as a threat. If it cannot determine it as either good or bad it will switch to monitor mod, journalling any actions the monitored program undertakes and if a lter determination is that the program is bad then it will block it and then reverse the actions it has taken (nd were monitored) prior to the 'bad' determination.
Do not know if that helps explain what you may have seen, but please feel free to ask further questions and we at the Community will try to answer/explain. ;)
May I suggest that you open a Support Ticket and provide a synopsis of your issue(s). At this stage I believe that they are the only source of assistance for your issue(s).
I will correct you on the point "What about the people that just spent $30-50 on WSA 2014? They dont even get a webshield?". They DO get a web shield...it is the current one NOT the new one that is being rolled out progressively.
If you are using v126.96.36.199 then you are using the most current version...as I said before the new web shield is being rollout electronically and is not part of the current downloadable installer.
Finally, the roll back features are under the cover and their use is determined by WSA. There is (thanksfully) not option for user control. If you require that then I would suggest dedicated rollback software...there are a number available.
Open a ticket and see what the Support Team can do to help.
As TripleHelix said...the new functionality is coming...and I believe that they will be accelerating the tranches of user keycodes that get updated...as the monitor the current and are satisfied that the new shield is at least as good as the old one...and most likely better.
As TH said...patience is required. I have two licenses for WSA...one has received the update, the other not yet. ;)
Static virus scans are not very effective, especially since the WSA technology stack does not have a heavy local analysis component. This is why WSA is the fastest on the market.
In order to test WSA effectiveness you need an isolated network and VM since it will require actually triggering execution and monitoring progression. At that point it will be detected, or sandboxed until it's detected. For this reason it's not possible for someone without a specialized setup to actually test functionality except by using EICAR test file. Ultimately, right click scans are artificial scenarios that can not be used to judge any company's antivirus suite's level of effectiveness. It just so happens that WSA is especially weak in this area because of it's different approach. What matters is the end result.
VirusTotal themselves have taken a position on this issue, which I've pasted below:
BAD IDEA: VirusTotal for antivirus/URL scannertestingAt VirusTotal we are tired of repeating that the service was not designed as a tool to perform antivirus comparative analyses, but as a tool that checks suspicious samples with several antivirus solutions and helps antivirus labs by forwarding them the malware they fail to detect. Those who use VirusTotal to perform antivirus comparative analyses should know that they are making many implicit errors in their methodology, the most obvious being:
As I stated in my previous post, static scans of executables sitting on a disk are not something you can judge an antivirus based on. Antivirus can only be truly measured in real-world conditions where a malicious executable is launched on physical hardware. This is the position of every major antivirus vendor, including Symantec, and even VirusTotal which provides the results of static scans. The antivirus testing organizations recognize this as well, and one is even redesigning their testing protocols to take into account the way that WSA works compared to other products.
Malware is such a complex problem with such complex solutions that it can not be tested simply. In fact, malware is designed to not do anything if it detects a testing scenario, further complicating issues.
In the nineties a method was developed to safely test if an antivirus is actually engaged in protecting a machine. It is called the EICAR test file and you can find it here. http://www.eicar.org/86-0-Intended-use.html
If you care about deep local inspection of files and are not interested in other facets of the Webroot solution or approach, then I concede that this is definitely not a product for you. I completely respect that approach and I have in fact questioned Webroot directly about their static executable analysis and detection rates.
My position is that their other innovations, user experience benefits, buttressing and final outcomes outweigh those negatives. But if that is a metric that you cannot compromise on then your opinion is perfectly reasonable.
what are your versions of Chrome and IE ?
When I download and install a product it should work as designed. I have watched YouTube videos on WSA and see a webshield but not in my case. I have tried CIS,NIS,KIS,AIS,PCA and others. Never an issue. I felt like I had NO antivirus running at all. Right up there with MSE. I wanna see alarms going off and a webpage saying "malware blocked". Why was the eicar test not even detected when clicked on or when download was finished?
And if WSA is so good then why do use KIS with it? It should be able to stand on its own.
It appears that you mind is made up and so be it. I have tried to explain that WSA works in a different way to 'traditional' AVs/ISs and what you are seeing is as a result of that.
I am not trying to convince you to change your mind; rather just responding to your assertion that "...there are people at Wilders complaining about the samething" by saying that there are 30+ million WSA users...and I do not think that 30+ million users (especially a good number of business users) would be using WSA if what you are saying is the case.
The roll out of the NEW (there is protection from the current one) Threat Shiled is being rolled out as we speak...and I suspect that alot of the comments & criticism that you are referring to is due to the fact that this si taking longer than expected and at present Webroot have not provided much indication of when users will get it/how long it will take. This has been the subject of some serious communication between senior Forum members and the powers that be, etc.
Anyway, if you wish to become more accquainted with the way WSA works then please stick around...if not and your mind is made up I wish you well with whatever security app(s) you decide to go forward with...and a malware free experience. :D
All the best
1. I beta test for Kaspersky as well, and prior to using WSA I used KIS, so have an attachment to it.
2. No one solution (even WSA...;)) is 100% secure and so I prefer a layered approach, as I believe do many others.
3. WSA is designed to be used on its own if the user so desires but it is also designed to co-exist/complement other
AVs/ISs...something it does better than any other AV/IS I know of.
4. I beta test WSA and given 2. & 3. above it makes sense for me to run both.
5. Of the two laptops we also use in my family BOTH run ONLY WSA. It is only the main, desktop system that runs both
apps...and I feel safe on the laptops with just WSA...despite what I said in 2. above.
As I said earlier...I am not going to try to convince you as your mind is obvioulsy made up...that is your right & perogative. If that is the case then you are welcome to stick around...but if you do please desist with the ranting...I contend that you have made your point...for anyone reading the thread to see.
As I said...I wish you well for the future...with or without WSA.
PS. I am not a Webroot employee, nor have any affiliation with the company other than being a user of WSA and a Community Forum member. 😉
FYI...............The file listed on Virustotal I provided was executed with NO detection. I was placed in my start up folder. Was succesfully remvoed with MBAM Free.
How can I get Webroot Filtering Extension version 188.8.131.52?
Glad to hear that you are not a lost case...;)
If you have concerns about what you are seeing then I would take up the offer that Rakanisheu made in post 10. If you provide him with what he has requested he can get to work to understand what is happening on your system. You will be in good hands with him. :D
To answer the 1st question of your last post; because it is part of the NEW Web Threat Shield, and from the looks of things it has not yet been rolled out to your installation.
2nd question; you have to wait for it to be rolled out to you. You may have seen in other threads/posts on the subject that there are some that have it and some who do not yet. As I said previously senior member sof the Community are in contact with Webroot to try to get more infomation about where we are in the roll out and when it is expected to be complete...but with 30+ million users to update it has been taking a while and could go on for some time...unfortuantely all I can say at this time is...please be patient...if you decide to persist with WSA.
Maybe the other point is that it is not always great to show the general public parts of advanced builds (ie - BETAs or not fully released to the public) before they are included in current build / release (be it downloaded installed or 'pushed' from the backend server the moment the software becomes active).